List: postfix-users
Subject: Re: How to block spammers appearing as local users?
From: mouss <mouss () ml ! netoyen ! net>
Date: 2009-08-31 22:32:38
Message-ID: 20090831223240.8A26B2CF1F5 () english-breakfast ! cloud9 ! net
nunatarsuaq wrote:
> I'm getting spam messages appearing to be sent remotely from local users.
> Here's my log:
>
> Aug 30 11:46:28 ghost postfix/smtpd[26223]: connect from
> ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
> Aug 30 11:46:30 ghost postfix/smtpd[26223]: 42593163773:
> client=ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
> Aug 30 11:46:31 ghost postfix/cleanup[26225]: 42593163773:
> message-id=<20090830094630.42593163773@ghost.emg-systems.com>
> Aug 30 11:46:31 ghost postfix/qmgr[21028]: 42593163773:
> from=<mylocaluser@emg-systems.com>, size=2438, nrcpt=1 (queue active)
> Aug 30 11:46:31 ghost amavis[25393]: (25393-11) ESMTP::10024
> /var/spool/amavis/tmp/amavis-20090830T075552-25393:
> <mylocaluser@emg-systems.com> -> <mylocaluser@emg-systems.com>
> SIZE=2438 Received: from ghost.emg-systems.com
>
> [... here checking by amavis and spam-tagging...]
>
> Aug 30 11:46:37 ghost postfix/cleanup[26225]: AC044163811:
> message-id=<20090830094630.42593163773@ghost.emg-systems.com>
> Aug 30 11:46:37 ghost postfix/qmgr[21028]: AC044163811:
> from=<mylocaluser@emg-systems.com>, size=3431, nrcpt=1 (queue active)
> Aug 30 11:46:37 ghost postfix/smtpd[26229]: disconnect from localhost[127.0.0.1]
> Aug 30 11:46:37 ghost amavis[25393]: (25393-11) FWD via SMTP:
> <mylocaluser@emg-systems.com> -> <mylocaluser@emg-systems.com>, 250
> 2.6.0 Ok, id=25393-11, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok:
> queued as AC044163811
> [...]
> Aug 30 11:46:38 ghost postfix/lmtp[26232]: AC044163811:
> to=<mylocaluser@emg-systems.com>,
> relay=ghost.emg-systems.com[/var/lib/imap/socket/lmtp], delay=0.43,
> delays=0.12/0.04/0.02/0.25, dsn=2.1.5, status=sent (250 2.1.5 Ok)
> Aug 30 11:46:38 ghost postfix/qmgr[21028]: AC044163811: removed
>
> How come my server accepts deliveries of this kind?
>
Instead of focusing on the sender, focus on the client. That client has
no business sending mail to anyone.
Try this:
smtpd_recipient_restrictions =
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_rbl_client zen.spamhaus.org
> [snip]
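
Added example, not part of the original message: a log check that ties each queue ID's sender to the client that submitted it, and flags local-domain senders accepted from clients that are neither in mynetworks nor SASL-authenticated. The domain list, the network list and the function name are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumptions, not from the thread: the local domains and trusted networks.
LOCAL_DOMAINS = {"emg-systems.com"}
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]

# Lines 1, 2 and 4 come from the quoted log with the archive's wrapping undone.
# Line 3 is constructed: the client line of the amavis re-injection is elided.
SAMPLE_LOG = """\
Aug 30 11:46:30 ghost postfix/smtpd[26223]: 42593163773: client=ppp-124-122-30-5.revip2.asianet.co.th[124.122.30.5]
Aug 30 11:46:31 ghost postfix/qmgr[21028]: 42593163773: from=<mylocaluser@emg-systems.com>, size=2438, nrcpt=1 (queue active)
Aug 30 11:46:37 ghost postfix/smtpd[26229]: AC044163811: client=localhost[127.0.0.1]
Aug 30 11:46:37 ghost postfix/qmgr[21028]: AC044163811: from=<mylocaluser@emg-systems.com>, size=3431, nrcpt=1 (queue active)
"""

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (\w+): client=(\S+?)\[([0-9A-Fa-f.:]+)\](.*)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def spoofed_local_senders(log_text):
    """Return (queue_id, sender, client_host, client_ip) tuples for
    local-domain senders submitted by untrusted, unauthenticated clients."""
    clients = {}  # queue id -> (host, ip, allowed)
    hits = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, host, ip_text, rest = m.groups()
            ip = ipaddress.ip_address(ip_text)
            # Mirrors permit_mynetworks and permit_sasl_authenticated.
            allowed = (any(ip in net for net in MYNETWORKS)
                       or "sasl_username=" in rest)
            clients[qid] = (host, ip_text, allowed)
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in clients:
            qid, sender = m.groups()
            host, ip_text, allowed = clients[qid]
            domain = sender.rpartition("@")[2].lower()
            if domain in LOCAL_DOMAINS and not allowed:
                hits.append((qid, sender, host, ip_text))
    return hits


if __name__ == "__main__":
    for hit in spoofed_local_senders(SAMPLE_LOG):
        print("local sender from untrusted client:", *hit)
```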